Description of the security update for SharePoint Enterprise Server 2016: April 11, 2023 (KB5002385)

Description of the security update for SharePoint Enterprise Server 2016: April 11, 2023 KB5002385 Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see ​​​​Microsoft Common Vulnerabilities and Exposures...

SUSE CVE-2006-1681

Cross-site scripting XSS vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated...

SUSE CVE-2018-19131

Squid before 4.4 has XSS via a crafted X.509 certificate during HTTPS error page generation for certificate errors...

CVE-2022-32269

In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages displayed by Internet Explorer core. This leads to arbitrary code execution...

Apache HTTP Server Detection (HTTP Error Page)

HTTP error-page based detection of the Apache HTTP Server. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Cross site scripting

Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticated attacker can store an XSS payload in the PSCUFILEINIT field of a Save Configuration XML document. The payload is triggered in the HTTP error response pages...

Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution

Exploit Title: Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution Date: 2018-08-15 Exploit Author: Milad Fadavvi Author's LinkedIn: https://www.linkedin.com/in/fadavvi/ Vendor Homepage: https://www.comodo.com/ Version: Releases before 2.7.0 & 1.5.0 Tested on:...

Comodo Unified Threat Management Web Console 2.7.0 Remote Code Execution

Exploit Title: Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution Date: 2018-08-15 Exploit Author: Milad Fadavvi Author's LinkedIn: https://www.linkedin.com/in/fadavvi/ Vendor Homepage: https://www.comodo.com/ Version: Releases before 2.7.0 & 1.5.0 Tested on:...

CVE-2019-19342

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose wi...

Error: “Cannot Complete Your Request” When Using Custom Portal Theme on AAA or Gateway VServer

Custom portal theme on AAA or Gateway VServer shows ‘Cannot complete your request’ error instead of the login page. When you click OK, you see the logon page and after your enter credential you can access your published resources. In-built theme works fine. When we create a new custom portal them...

SUSE SLED15 / SLES15 Security Update : libzypp, zypper (SUSE-SU-2018:2690-1)

This update for libzypp, zypper, libsolv provides the following fixes : Security fixes in libzypp : CVE-2018-7685: PackageProvider: Validate RPMs before caching bsc1091624, bsc1088705 CVE-2017-9269: Be sure bad packages do not stay in the cache bsc1045735 Changes in libzypp: Update to version...

XenMobile/Endpoint Management: Cloud Gear Icon returning "this page isn't working HTTP ERROR 400"

Description: error "this page isn't working HTTP ERROR 400" may be displayed when trying to access the Cloud XenMobile / Endpoint Management Client instance when customers go to their own xxxx.xm.cloud and then click on the Could Gear Icon from the green tool bar at the top Doing so, will...

Chaturbate: Unrestricted POST request size on roomlogin endpoint

POST requests to endpoint /roomlogin/ are not limited in size. While the main website login endpoint correctly limits the size of request, this endpoint does not. This can be a mean to perform a DOS attack. Steps To Reproduce: 1. has a password-protected stream. 2. Send a large POST request to...

SUSE SLED12 / SLES12 Security Update : libzypp, zypper (SUSE-SU-2018:2814-1)

This update for libzypp, zypper fixes the following issues : Update libzypp to version 16.17.20 : Security issues fixed : PackageProvider: Validate deta rpms before caching bsc1091624, bsc1088705, CVE-2018-7685 PackageProvider: Validate downloaded rpm package signatures before caching bsc1091624,...

Cannot access the url for SSPR: Getting HTTP error 403.14 :Forbidden

Setup for user configuration has been done. Now when I try to access the sspr url; it doesnt go through. Tried on one machineSSPR server and with one user...

Security update for libzypp, zypper (important)

This update for libzypp, zypper, libsolv provides the following fixes: Security fixes in libzypp: - CVE-2018-7685: PackageProvider: Validate RPMs before caching bsc1091624, bsc1088705 - CVE-2017-9269: Be sure bad packages do not stay in the cache bsc1045735 Changes in libzypp: - Update to version...

SUSE SLES12 Security Update : libzypp, zypper (SUSE-SU-2018:2716-1)

This update for libzypp, zypper provides the following fixes : Update libzypp to version 16.17.20 Security issues fixed : PackageProvider: Validate delta rpms before caching bsc1091624, bsc1088705, CVE-2018-7685 PackageProvider: Validate downloaded rpm package signatures before caching bsc1091624...

openSUSE Security Update : libzypp / zypper (openSUSE-2018-1017)

This update for libzypp, zypper, libsolv provides the following fixes : Security fixes in libzypp : - CVE-2018-7685: PackageProvider: Validate RPMs before caching bsc1091624, bsc1088705 - CVE-2017-9269: Be sure bad packages do not stay in the cache bsc1045735 Changes in libzypp : - Update to...

Error: "HTTP/1.1 Internal Server Error 43554" When Logging to NetScaler

App Enumeration failure with "HTTP 1.1 Internal server error 43554"...

Security Bulletin: Vulnerability in Rational Directory Server help files system with potential for debug info in error message (CVE-2013-0599)

Summary A parameter path to the Rational Directory Server help documentation causes an error message response from the server with HTTP ERROR 500 debug information displayed in the browser. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts li...